Disclosure of Invention
The invention provides a 1400 protocol-based secure transmission method, a view library platform and a 1400 protocol-based secure transmission system, which are used for solving the technical problems that, in the existing 1400 protocol-based interaction mode in which devices push pictures, the pictures risk being stolen and tampered with during transmission, security is low, and the mode is not suitable for business scenes with high security requirements.
In view of this, the first aspect of the present invention provides a secure transmission method based on 1400 protocols, including:
receiving the push map information sent by the image acquisition equipment, wherein the head of the push map information carries the national standard ID of the equipment;
judging whether the state of the image acquisition equipment is an on-line state or not according to the national standard ID of the equipment;
if the image acquisition equipment is in an on-line state, checking whether the service parameters of the push map information accord with 1400 protocol specifications;
if the business parameters of the push map information accord with 1400 protocol specifications, checking whether the header parameters of the push map information accord with preset specifications, wherein the preset specifications are that the header parameters comprise time stamps, nonce random numbers, version information, tail characteristic information of picture Base64 and signatures;
if the header parameters of the push-map information accord with preset specifications, decrypting the picture Base64 data in the push-map information;
if the decryption is successful, returning the push map receiving success information, and if the decryption is failed, returning the push map information receiving failure information.
Optionally, before receiving the push map information sent by the image acquisition device, the method further includes:
and based on a secondary authentication mechanism, registering and authenticating the picture acquisition equipment.
Optionally, based on the secondary authentication mechanism, performing registration authentication on the image acquisition device includes:
when a first registration request sent by the image acquisition equipment is received, returning 401 status code information to the image acquisition equipment with WWW-Authenticate header information attached, wherein the first registration request does not carry an authentication header;
when a second registration request is received, which the image acquisition equipment resends with a key in the Authorization header after generating the key by RFC 2617 digest encryption according to the WWW-Authenticate header information, registering and authenticating the image acquisition equipment according to the user name and the digest information.
Optionally, the picture Base64 tail characteristic information is 32-bit data at the end of the picture Base64.
Optionally, receiving the push map information sent by the image acquisition device includes:
receiving push image information sent by image acquisition equipment after AES encryption processing is carried out on the first 32 bits of picture Base64 data;
correspondingly, decrypting the picture Base64 data in the push map information includes:
AES decryption is performed on the first 32 bits of picture Base64 data in the push map information.
A second aspect of the present invention provides a view library platform comprising:
the receiving module is used for receiving the push map information sent by the image acquisition equipment, wherein the head of the push map information sent by the image acquisition equipment carries the national standard ID of the equipment;
the state detection module is used for judging whether the state of the image acquisition equipment is an on-line state according to the national standard ID of the equipment;
the service parameter checking module is used for checking whether the service parameters of the push map information accord with 1400 protocol specifications if the image acquisition equipment is in an on-line state;
the header parameter verification module is used for verifying whether the header parameter of the push-map information accords with a preset specification if the service parameter of the push-map information accords with 1400 protocol specifications, wherein the preset specification is that the header parameter comprises a time stamp, a Nonce, version information, picture Base64 tail characteristic information and a signature;
the decryption module is used for decrypting the picture Base64 data in the push map information if the head parameter of the push map information accords with a preset specification;
and the result returning module is used for returning the push map receiving success information if the decryption is successful, and returning the push map information receiving failure information if the decryption is failed.
Optionally, the view library platform further comprises:
and the registration authentication module is used for carrying out registration authentication on the picture acquisition equipment based on the secondary authentication mechanism.
Optionally, the registration authentication module is specifically configured to:
when a first registration request sent by the image acquisition equipment is received, returning 401 status code information to the image acquisition equipment with WWW-Authenticate header information attached, wherein the first registration request does not carry an authentication header;
when a second registration request is received, which the image acquisition equipment resends with a key in the Authorization header after generating the key by RFC 2617 digest encryption according to the WWW-Authenticate header information, registering and authenticating the image acquisition equipment according to the user name and the digest information.
Optionally, the receiving module is specifically configured to:
receiving the picture pushing information sent by the image acquisition equipment after performing AES encryption processing on the first 32 bits of picture Base64 data, wherein the picture pushing information header carries the national standard ID of the equipment;
correspondingly, the decryption module is specifically configured to:
if the header parameters of the push map information meet the preset specification, performing AES decryption on the first 32 bits of picture Base64 data in the push map information.
The third aspect of the invention provides a 1400 protocol-based secure transmission system, which comprises an image acquisition device and the view library platform according to any one of the second aspect;
the image acquisition equipment is used for carrying out registration authentication on the view library platform, after the registration authentication, the acquired picture is added with the national standard ID header of the equipment to form picture pushing information, and the picture pushing information is sent to the view library platform.
From the above technical scheme, the 1400 protocol-based secure transmission method, the view library platform and the 1400 protocol-based secure transmission system provided by the invention have the following advantages:
according to the 1400 protocol-based secure transmission method, in the process of pushing the picture, the head parameters such as the time stamp, the Nonce, the version information, the tail characteristic information of the picture Base64 and the signature are added to the picture, the secondary encryption of the picture pushing is realized on the basis of picture encryption, the situation that the picture is stolen and tampered in the process of pushing the picture to the 1400 view library platform by the image acquisition equipment can be avoided, and the safety of the system is greatly improved. The method solves the technical problems that the prior 1400 protocol-based equipment push-graph interaction mode has the risks of being stolen and tampered in the picture transmission process, has low safety and is not suitable for being used in business scenes with high safety requirements.
In addition, the 1400 protocol-based secure transmission method provided by the invention does not break the original protocol: pictures that an image acquisition device pushes using the standard 1400 protocol can still be received by the 1400 view library platform and forwarded, so the method is compatible with image acquisition devices that do not encrypt, which improves the universality of the system.
The view library platform and the 1400 protocol-based secure transmission system provided by the invention are used for executing the 1400 protocol-based secure transmission method provided by the invention, and the principle and the obtained technical effects are the same as those of the 1400 protocol-based secure transmission method provided by the invention, and are not repeated here.
Detailed Description
In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
For ease of understanding, referring to fig. 1 and 2, an embodiment of a secure transmission method based on 1400 protocol is provided in the present invention, including:
Step 101, receiving the push map information sent by the image acquisition equipment, wherein the head of the push map information carries the national standard ID of the equipment.
It should be noted that, in the embodiment of the present invention, the push map information sent by the image acquisition device is first received. Before sending the push map information, the image acquisition device needs to preprocess it, wherein the preprocessing comprises putting the device national standard ID header information into the picture data to be sent, forming push map information that carries the device national standard ID header information. The picture is Base64-encoded and encrypted; specifically, the first 32 bits of the picture Base64 data are subjected to AES encryption processing.
In one embodiment, registration authentication of the image acquisition device is required before the push map information sent by the image acquisition device is received, and the push map information sent by the image acquisition device after registration authentication is received. The registration authentication of the image acquisition device can be performed by adopting a secondary authentication mechanism. Specifically, as shown in fig. 3, the 1400 view library platform manually allocates a user name (username) and a password (password) to the image acquisition device by way of user allocation. The image acquisition device does not know what to fill in the authentication request header when it registers for the first time, so when receiving the first registration request sent by the image acquisition device, the 1400 view library platform returns 401 status code information to the image acquisition device with WWW-Authenticate header information attached. The image acquisition device performs RFC 2617 digest encryption according to the WWW-Authenticate header information to generate a key, places the key in the Authorization header, and resends the request as a second registration request. After receiving the second registration request, the 1400 view library platform parses the key in the authentication request header to obtain the user name and the password, and matches the user name against the password; if the matching is successful, the registration authentication succeeds, otherwise the registration authentication fails.
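The two-request registration described above, as an added example that is not part of the original text: a platform-side RFC 2617 check (qop=auth) that issues the 401 challenge and then recomputes the digest from the stored password, which under RFC 2617 is never sent in the request. The `Registrar` class, the realm name, the `/register` path and the account used with it are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

REALM = "viewlib"  # constructed realm name


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict; None if the scheme is not Digest."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        return None
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)
    return {key: quoted or bare for key, quoted, bare in pairs}


class Registrar:
    def __init__(self, passwords):
        self.passwords = passwords   # user name -> password allocated by the platform
        self.issued = set()          # nonces sent in a challenge and not yet used

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        header = f'Digest realm="{REALM}", qop="auth", nonce="{nonce}"'
        return 401, {"WWW-Authenticate": header}

    def handle(self, method, uri, authorization=None):
        """Return (status, response headers) for one registration request."""
        fields = parse_digest(authorization) if authorization else None
        if not fields:
            return self.challenge()          # first request: no credentials yet
        password = self.passwords.get(fields.get("username", ""))
        nonce = fields.get("nonce", "")
        # Accept only nonces this platform issued, for the URI actually requested.
        if password is None or nonce not in self.issued or fields.get("uri") != uri:
            return self.challenge()
        expected = digest_response(fields["username"], REALM, password, method, uri,
                                   nonce, fields.get("nc", ""), fields.get("cnonce", ""))
        supplied = fields.get("response", "")
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return self.challenge()
        self.issued.discard(nonce)           # one nonce authenticates one registration
        return 200, {}
```
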
In one embodiment, the image acquisition device should send keep-alive messages periodically so that the device national standard ID remains in an available state.
Step 102, judging whether the state of the image acquisition equipment is an on-line state according to the national standard ID of the equipment.
After the push map information is received, the device national standard ID is obtained from the User-Identify header.
Step 103, if the image acquisition equipment is in an on-line state, checking whether the service parameters of the push map information accord with 1400 protocol specifications.
It should be noted that the state of the image acquisition device is queried by the device national standard ID to judge whether the device is online. If it is not online, no processing is performed; if it is online, whether the service parameters of the push map information accord with the 1400 protocol specification is checked. If the service parameters accord with the 1400 protocol specification, step 104 is executed; if a field of the service parameters is non-compliant, "JSON format invalidation" is returned, and if a field value is non-compliant, "JSON content invalidation" is returned.
Step 104, if the service parameters of the push map information meet 1400 protocol specifications, checking whether the header parameters of the push map information meet preset specifications, wherein the preset specifications comprise a timestamp, a Nonce, version information, tail characteristic information of the picture Base64 and a signature.
It should be noted that after it is determined that the service parameters of the push map information accord with the 1400 protocol specification, whether the header parameters of the push map information accord with the preset specification is checked, that is, whether the header parameters include a timestamp (Timestamp), a Nonce, version information (Version), picture Base64 tail characteristic information (ImageFeature) and a signature (Signature). In other words, in the push map information sent by the image acquisition device, the timestamp, Nonce, version information, picture Base64 tail characteristic information and signature header parameters should be added in addition to the device national standard ID header parameter.
For signature authentication, the password allocated to the image acquisition device by the 1400 view library during registration authentication may be used; specifically, the signature authentication algorithm may be expressed as follows:
Signature=Hmac_sha256("ImageFeature=value&Nonce=value&Timestamp=value&User-Identify=value&Version=value",password)
The header parameters such as the timestamp, the Nonce, the version information, the picture Base64 tail characteristic information and the signature are newly added to the push map information, so that the timeliness of the interface is enhanced, replay attacks are prevented, and the picture data is prevented from being tampered with and stolen during interface transmission.
The picture Base64 tail characteristic information adopts the 32-bit data at the tail of the picture Base64.
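The header check of step 104, as an added example that is not part of the original text: it recomputes the HMAC-SHA256 signature over the five signed headers, then enforces timestamp freshness, the binding of ImageFeature to the received picture data, and single use of each Nonce. Assumptions not stated on the page: the signature is hex-encoded, Timestamp is Unix seconds with a 300-second window, the tail length of 32 is counted in Base64 characters, and the `HeaderVerifier` class with its in-memory nonce cache is hypothetical.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300   # assumed freshness window; the page gives no value
FEATURE_TAIL_LEN = 32    # assumed: tail length counted in Base64 characters
SIGNED = ("ImageFeature", "Nonce", "Timestamp", "User-Identify", "Version")


def canonical_string(headers):
    """Build 'ImageFeature=..&Nonce=..&Timestamp=..&User-Identify=..&Version=..'."""
    return "&".join(f"{name}={headers[name]}" for name in SIGNED)


def sign(headers, password):
    """HMAC-SHA256 keyed with the registration password; hex output is assumed."""
    message = canonical_string(headers).encode()
    return hmac.new(password.encode(), message, hashlib.sha256).hexdigest()


class HeaderVerifier:
    def __init__(self, passwords, now=time.time):
        self.passwords = passwords   # device national standard ID -> password
        self.now = now               # injectable clock, so the check is testable
        self.seen = {}               # (device ID, nonce) -> signed timestamp

    def verify(self, headers, picture_b64):
        """Return 'ok' or the reason the push is rejected."""
        if any(not headers.get(n) for n in SIGNED + ("Signature",)):
            return "missing header"
        device = headers["User-Identify"]
        password = self.passwords.get(device)
        if password is None:
            return "unknown device"
        # Authenticate first, so unsigned traffic cannot fill the nonce cache.
        expected = sign(headers, password).encode()
        if not hmac.compare_digest(expected, headers["Signature"].encode()):
            return "bad signature"
        try:
            stamp = int(headers["Timestamp"])
        except ValueError:
            return "bad timestamp"
        current = self.now()
        if abs(current - stamp) > MAX_SKEW_SECONDS:
            return "stale timestamp"
        # The signed tail must match the picture data actually received.
        if picture_b64[-FEATURE_TAIL_LEN:] != headers["ImageFeature"]:
            return "image feature mismatch"
        # Nonces whose timestamp has left the window can be forgotten: a replay
        # of them is already rejected as stale.
        self.seen = {k: t for k, t in self.seen.items()
                     if current - t <= MAX_SKEW_SECONDS}
        if (device, headers["Nonce"]) in self.seen:
            return "replayed nonce"
        self.seen[(device, headers["Nonce"])] = stamp
        return "ok"
```
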
Step 105, if the header parameter of the push map information meets the preset specification, decrypting the picture Base64 data in the push map information.
After the header parameters pass the check, the picture Base64 data in the received push map information is decrypted to obtain the original picture data. Specifically, AES decryption is performed on the first 32 bits of the picture Base64 data in the push map information.
Adding the timestamp, Nonce, version information, picture Base64 tail characteristic information and signature header parameters, combined with AES encryption and decryption of the picture Base64 data, forms secondary encryption processing of the push map, which greatly improves the security of the push map and avoids the risks of the picture being stolen and tampered with in the push map process.
Step 106, returning the push map receiving success information if the decryption is successful, and returning the push map information receiving failure information if the decryption fails.
If the decryption is successful, the push map receiving success information is returned, the picture is successfully stored in the 1400 view library, and the operation of pushing the picture to the upper-level public security platform is then executed. If the decryption fails, the push map information receiving failure information is returned, and the picture fails to be stored in the 1400 view library.
According to the 1400 protocol-based secure transmission method, in the process of pushing the picture, the head parameters such as the time stamp, the Nonce, the version information, the tail characteristic information of the picture Base64 and the signature are added to the picture, the secondary encryption of the picture pushing is realized on the basis of picture encryption, the situation that the picture is stolen and tampered in the process of pushing the picture to a 1400-view library by the image acquisition equipment can be avoided, and the safety of the system is greatly improved. The method solves the technical problems that the prior 1400 protocol-based equipment push-graph interaction mode has the risks of being stolen and tampered in the picture transmission process, has low safety and is not suitable for being used in business scenes with high safety requirements.
In addition, the 1400 protocol-based secure transmission method provided by the invention does not break the original protocol: pictures that an image acquisition device pushes using the standard 1400 protocol can still be received by the 1400 view library platform and forwarded, so the method is compatible with image acquisition devices that do not encrypt, which improves the universality of the system.
For ease of understanding, referring to fig. 5, an embodiment of a view library platform is provided in the present invention, including:
the receiving module is used for receiving the push map information sent by the image acquisition equipment, wherein the head of the push map information sent by the image acquisition equipment carries the national standard ID of the equipment;
the state detection module is used for judging whether the state of the image acquisition equipment is an on-line state according to the national standard ID of the equipment;
the service parameter checking module is used for checking whether the service parameters of the push map information accord with 1400 protocol specifications if the image acquisition equipment is in an on-line state;
the header parameter verification module is used for verifying whether the header parameter of the push-map information accords with a preset specification if the service parameter of the push-map information accords with 1400 protocol specifications, wherein the preset specification is that the header parameter comprises a time stamp, a Nonce, version information, picture Base64 tail characteristic information and a signature;
the decryption module is used for decrypting the picture Base64 data in the push map information if the head parameter of the push map information accords with a preset specification;
and the result returning module is used for returning the push map receiving success information if the decryption is successful, and returning the push map information receiving failure information if the decryption is failed.
The view library platform further comprises:
and the registration authentication module is used for carrying out registration authentication on the picture acquisition equipment based on the secondary authentication mechanism.
The registration authentication module is specifically configured to:
when a first registration request sent by the image acquisition equipment is received, returning 401 status code information to the image acquisition equipment with WWW-Authenticate header information attached, wherein the first registration request does not carry an authentication header;
when a second registration request is received, which the image acquisition equipment resends with a key in the Authorization header after generating the key by RFC 2617 digest encryption according to the WWW-Authenticate header information, registering and authenticating the image acquisition equipment according to the user name and the digest information.
The receiving module is specifically used for:
receiving the picture pushing information sent by the image acquisition equipment after performing AES encryption processing on the first 32 bits of picture Base64 data, wherein the picture pushing information header carries the national standard ID of the equipment;
correspondingly, the decryption module is specifically configured to:
if the header parameters of the push map information meet the preset specification, performing AES decryption on the first 32 bits of picture Base64 data in the push map information.
The tail characteristic information of the picture Base64 is 32-bit data at the tail of the picture Base64.
According to the 1400 protocol-based secure transmission device, in the process of pushing the picture, the head parameters such as the time stamp, the Nonce, the version information, the tail characteristic information of the picture Base64 and the signature are added to the picture, the secondary encryption of the picture pushing is realized on the basis of picture encryption, the situation that the picture is stolen and tampered in the process of pushing the picture to a 1400-view library by the image acquisition equipment can be avoided, and the security of the system is greatly improved. The method solves the technical problems that the prior 1400 protocol-based equipment push-graph interaction mode has the risks of being stolen and tampered in the picture transmission process, has low safety and is not suitable for being used in business scenes with high safety requirements.
In addition, the view library platform provided by the invention does not destroy the original protocol, and the image acquisition equipment can still receive and forward the original protocol to the 1400 view library platform by utilizing the standard 1400 protocol, so that the image acquisition equipment can be compatible with the unencrypted image acquisition equipment, and the universality of the system is improved.
For ease of understanding, referring to fig. 6, an embodiment of a secure transmission system based on 1400 protocols is provided in the present invention, including an image acquisition device and a view library platform provided in the present invention;
the image acquisition equipment is used for carrying out registration authentication on the view library platform, after the registration authentication, the acquired picture is added with the national standard ID header of the equipment to form picture pushing information, and the picture pushing information is sent to the view library platform.
The 1400 protocol-based secure transmission system provided by the invention is used for executing the 1400 protocol-based secure transmission method provided by the invention, and the principle and the obtained technical effects are the same as those of the 1400 protocol-based secure transmission method provided by the invention, and are not repeated here.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.